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REMARKS 

Claims 1-20 were pending. All stand rejected and the action has been made 
final. The applicant requests further examination and consideration in view of the 
amendments above and remarks set forth below. 

By the above amendments, the applicant has amended independent claims 1 
and 20 to include the limitations of original dependent claims 5 and 6. Claims 7, 9 
and 11, which were dependent from claim 5, are amended to depend from claim 1. 
Therefore, the amendment does not present any issues beyond those already raised by 
claims 5 and 6. Because claims 5 and 6 were previously presented, the amendment 
does not raise any new issues that would require further consideration and search. 
Therefore, as stated in the Manual of Patent Examining Procedure (8 th Ed, Rev. 2) at 
Section 714.13, the proposed amendment should be given sufficient consideration to 
determine whether the claims are in condition for allowance and/or whether the issues 
on appeal are simplified. As explained in more detail below, all of the claims are now 
in condition for allowance. 

Rejections under 35 U.S.C. § 103: 

Claims 5 and 6 were rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Nessett (U.S. Patent No. 5,968,176) in view of Hind (U.S. Patent No.6,585,778) 
in further view of Mohaban (U.S. Patent No. 64,63,470). 

Prior to the amendments above, claim 5 was dependent from claim 1 and 
recited that the registry data structure comprises a hierarchy of network types, each 
type comprising a definition of a network role. Claim 6 was dependent from claim 5 
and recited that the network role is representative of a set of applications to be 
supported by the network. By the above amendment, the limitations of claims 5 and 6 
have been incorporated into claim 1 and into claim 20. The applicant respectfully 
traverses the rejection as it may be applied to amended claims 1 and 20. 

In rejecting claims 5 and 6, the examiner stated that claim 1 (from which 
claims 5 and 6 depended) was met by Nessett in view of Hind. The examiner further 
stated that neither Nessett, nor Hind, disclose how the security policies are stored. 
However, the examiner stated that such limitations of claims 5 and 6 are met by 
Figure 8C of Mohaban. The examiner further stated that it would have been obvious 
to incorporate the ideas of Mohaban with those of Nessett in view of Hind and add the 
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hierarchy of types that play network roles and have applications associated with them 
for organization and ease of looking up and retrieving stored policies. 

Nessett discloses a multi-layer firewall that provides for establishing security 
in a network. Nessett, Title and Abstract. Nessett explains that security is an 
increasingly important issue for network users. Nessett, col. 1, lines 12-14. Nessett 
further explains that the variety of security features, devices and levels of protocol at 
which they operate present a significant administrative problem. Nessett, col. 1, lines 
61-64. Thus, Nessett is directed toward solving the problem of coordinating security 
policy implementation across multiple layers of network systems. Nessett, col. 3, 
lines 15-17. Nessett provides a solution to this problem by providing a policy 
definition component for a firewall that accepts policy data that defines how the 
firewall should behave. Nessett, col. 3, lines 29-32. Security functions operating in a 
collection of networked devices across multiple protocol layers are coordinated by the 
policy definition component so that particular devices enforce that part of the security 
policy pertinent to their part of the network. Nessett, col. 3, lines 36-40. 

Hind discloses enforcing data policy using style sheet processing. Hind, Title. 
Hind uses "data policy" to mean procedures and rules used to control access to stored 
data. In other words, Hind is directed to data security. Hind explains that because of 
factors resulting from highly distributed networks of applications, devices and users, 
the need to enforce usage policies using sophisticated techniques has become critical. 
Hind, col. 1, lines 21-39. Thus, Hind is directed toward the problem of enforcing data 
security policies in a complex distributed computing environment. Hind, col. 3, lines 
46-54. 

Thus, Nessett and Hind are both directed to problems of implementing data 
security. In contrast, Mohaban is directed to quality-of-service (QoS) treatments of 
network data traffic flows. Mohaban, Title. Mohaban explains that computer 
networks include numerous services and resources for use in moving traffic 
throughout a network. Mohaban, col. 2, lines 38-39. Priority fields for data link 
frames can specify a particular treatment for the frame, such as background, best 
effort, excellent effort, etc. Mohaban, col. 2, lines 53-61. Upon examining the 
priority field, network devices apply the corresponding treatment to the frames; for 
example, a device may have a plurality of transmission queues per port and may 
assign frames to different queues on the basis of the frame's priority value. Mohaban, 
col. 2, lines 61-67. Similarly, a type of service field for a network layer packet may 
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be used to specify a particular service to be applied to the packet, such as high 
reliability, fast delivery, accurate delivery, and whether delay, throughput or 
reliability is most important for the traffic associated with the packet. Mohaban, col. 
3, lines 1-13. 

Mohaban explains that current application programs that execute in network 
devices rarely invoke QoS functions and, therefore, they do not take full advantage of 
QoS features that are available. Mohaban, col. 4, lines 22-25. Mohaban further 
explains several other problems with past approaches to QoS, including lack of ability 
to define QoS policies for traffic flows generated by individual applications, difficulty 
in defining QoS policies by persons having differing areas of knowledge and 
expertise, and arbitrary ways of storing and representing policies used to determine 
QoS treatment of traffic flows. Mohaban, col. 4, line 26 to col. 6, line 42. 

To solve these problems, Mohaban proposes a method of integrating a 
network with policies representing QoS treatments of network data flows. Mohaban, 
col. 5, lines 48-50. Information structures representing one or more policies 
representing QoS treatments are created and stored according to a schema. Mohaban, 
col. 5, lines 50-55. The schema is used to facilitate establishing QoS policies in 
network devices by creating and storing application information that associates one or 
more traffic flows generated by an application program, including information 
identifying one or more points at which an application generates the traffic flows; 
receiving device QoS information that defines one of more quality-of-service 
treatments that the network device may apply to data processed by the network 
device; based on the device QoS information and the application information, 
determining one or more processing policies that associate the traffic flows with the 
quality-of-service treatments; and creating and storing one or more mappings of the 
application information to the QoS treatments that may be used to generate the 
quality-of-service value when the application program generates traffic flows. 
Mohaban, col. 5, line 55 to col. 6, line 3. 

When applying 35 U.S.C. § 103, the references must be considered as a whole 
and must suggest the desirability and, thus, the obviousness of making the 
combination and the references must be viewed without the benefit of impermissible 
hindsight vision afforded by the claimed invention. Manual of Patent Examining 
Procedure, Section 2141 (8 th Ed., Rev. 2). As is also explained at Section 2141.01(a) 
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of the Manual of Patent Examining Procedure, to rely on a reference under 35 U.S. C. 
§ 103, it must be analogous prior art. 

Here, the Nessett and Hind references relate to data security and are, thus, 
directed toward restricting access to data by unauthorized persons. In contrast, 
Mohaban is directed to quality-of-service, which means that it is directed to achieving 
certain performance, such as throughput or reliability, for selected traffic flows. 
Because these references are in completely different fields of endeavor, there could 
not be a motivation to combine them. 

The examiner stated Nessett and Hind do not disclose how their security 
policies are stored. (Emphasis added). The examiner further stated that it would have 
been obvious to incorporate the ideas of Mohaban with those of Nessett in view of 
Hind for organization and ease of looking up and retrieving stored policies. However, 
because Mohaban is directed entirely toward solving quality-of-service problems, it 
cannot provide a hint, teaching or suggestion to use its techniques in data security 
systems such as Nessett and Hind since they are for an entirely different purpose. In 
other words, a person attempting to solve a problem encountered in the field of 
network security would not look to the field of quality-of-service for a solution. 

Further, because Nessett and Hind do not disclose how their security policies 
are stored, they cannot provide any hint, teaching or suggestion use techniques from 
an entirely different field of endeavor to store the policies. Thus, rather than viewing 
the references as a whole to determine whether they suggest the desirability of 
combining them, the examiner is using the applicant's claims as a guide to reconstruct 
the applicant's invention using impermissible hindsight. 

Therefore, it would not have been obvious to combine Nessett and Hind with 
Mohaban. Accordingly, claims 1 and 20 are allowable. Claims 2-4 and 7-19 are 
allowable at least because they depend from an allowable base claim 1 . 

Moreover, the applicant's invention as recited in claims 1 and 20 is directed to 
network security. As explained above, Mohaban is directed to quality-of-service, 
which means that it is directed to achieving certain performance, such as throughput 
or reliability, for selected traffic flows. Because Mohaban is in an entirely different 
field of endeavor from that of the applicant's invention, Mohaban is not analogous 
prior art. As such, Mohaban cannot be used to reject the applicant's claims under 35 
U.S.C. §103. See Manual of Patent Examining Procedure at Section 2141.01(a). 
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This is another reason why claims 1 and 20 are allowable and is, thus, another 
reason why claims 2-4 and 7-19 are allowable. 

Moreover, even if the references could be properly combined, they do not 
disclose all of the limitations of amended claims 1 and 20. As amended, claim 1 
recites forming a registry data structure for defining roles within a network, the 
registry data structure comprising a hierarchy of network types, each type comprising 
a definition of a network role, the network role being representative of a set of 
applications to be supported by the network, and mapping network security policies to 
the registry data structure, said network security policies being contained in one or 
more policy documents. 

As mentioned above, the examiner stated that neither Nessett, nor Hind, 
disclose how the security policies are stored. Thus, the examiner relies upon Figure 
8C of Mohaban for the limitations of original claim 5. Regarding Figure 8C, 
Mohaban explains that it shows a tree structure which is contained in a QoS policy 
domain object and is represented by one or more QoS policy domain objects. 
Mohaban, col. 23, lines 37-40. Policy definitions include one or policy rules 
partitioned into containers, such as QoS policy domain objects, under a higher level 
container. Mohaban, col. 23, lines 46-49. Mohaban further explains that each domain 
may contain a container and that the container class models Roles and serves as a 
container of Policy Rules in the form of one or more policy rule objects. Mohaban, 
col. 23, line 57-61. 

Thus, while Mohaban discloses a tree structure of quality-of-service policy 
domain objects, it does not disclose all of the specific limitations of the applicant's 
original claims 5 and 6, nor has the examiner explained how Figure 8C of Mohaban 
teaches all of the specific limitations of claims 5 and 6. For example, the applicant's 
amended claim 1 requires that a network role is representative of a set of applications 
to be supported by the network. While Mohaban uses the term "Role" in one 
instance, Mohaban does not provide any teaching or suggestion of what is meant by it 
(Mohaban also inexplicably capitalizes the term as though it is a proper noun). 
Therefore, Mohaban does not teach that a network role is representative of a set of 
applications to be supported by the network as is required by the applicant's claim 1 . 
This shortcoming of Mohaban is even more apparent when one considers that 
Mohaban is in an entirely different field from that of the applicant's invention. 
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As stated in the Manual of Patent Examining Procedure (8* Ed. Rev. 2), at 
Section 2143.03, to establish prima facie obviousness of a claimed invention, all the 
claim limitations must be taught or suggested by the prior art. (Emphasis in original) 
(citing, In re Royka, 490 F.2d 981, 180 USPQ 580 (CCPA 1974)). Because not all of 
the limitations of claims 1 and 20 are taught or suggested by the prior art, this is yet 
another reason why claims 1 and 20 are allowable. This is also another reason why 
claims 2-4 and 7-19 are allowable, being dependent upon an allowable base claim 1. 

Conclusion: 

In view of the above, the applicants submit that all of the pending claims are 
now allowable. Allowance at an early date would be greatly appreciated. Should any 
outstanding issues remain, the examiner is encouraged to contact the undersigned at 
(408) 293-9000 so that any such issues can be expeditiously resolved. 



Respectfully Submitted, 





Derek J. Westberg (Reg. No. 40,872) 
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